Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

3 Smartphone Security Considerations for Enterprises

The popularity of G1, the iPhone and other smartphones means enterprises need to think about security and management. With that in mind, here are some things to consider as you set your security policies.

WEBINAR:On-Demand

From the iPhone to T-Mobile's G1, smartphones have become pervasive in today's enterprises.

What are not always pervasive are sound security practices for controlling them. While malware for mobile devices is not especially widespread, hundreds of unique pieces of smartphone malware such as -Sexy View' have been identified. Then there are the hacks.

In a demonstration, Trust Digital showed how it was possible to use an SMS control message to silently change the phone's configuration, for example, turning off security settings for e-mail transmission such as SSL. With all this in mind, here are a few things enterprises should consider when it comes to smartphone security.

1. Take a Business-Centric Approach to Planning

Further reading

Philippe Winthrop, an analyst with Strategy Analytics, said businesses need to know how many smartphones they have and what they are being used for. "Go through and use cross-functionality teams ... within your organization to understand what the line of business is going to want to do with these solutions, but make sure of course that it's going to play nicely with what the IT department needs to do."

2. Develop a Configuration Plan

In a report titled "Q&A: 10 Smartphone Security Failures You Want to Avoid," Gartner analyst John Girard noted that any system that lacks a known, trackable and updatable configuration is impossible to properly manage, secure and support. The result is users handling troubleshooting and modifications on their own, which can in turn open up its own set of worms if their changes make the device less secure, he wrote. When it comes to planning operational requirements, smartphones should be treated like PCs, the report continues.

"When companies move to personal liability phones, or tell people to use their personal phones at work, serious vulnerabilities arise if the company does not at least have a plan for managing diversity and controlling exposures," Girard told eWEEK. "Ideally, companies would still invest in centralized management consoles for phones and take policy control of personal phones whenever possible."

3. Set Sound Default Browser Permission Rules

One of the main doors malware walks through to get on a system is the browser. "Today's smartphones increasingly include more fully functional browsers that are quickly moving toward a level of functionality rivaling that of desktop versions," said Scott Crawford, an analyst with Enterprise Management Associates. "Considering that attackers increasingly focus on both Web applications and the vulnerabilities not only of browsers but of their many multifunctional add-ons, this increases concerns that mobile devices may add to the Web and browser attack surface already highly targeted."

Doing all this, however, depends not only on how much control enterprises want over the devices, but how much they can actually have, Crawford said.

"In the iPhone's case, for example, on-device control [a management agent, for example] is limited by what Apple is willing to make available via the App Store," he said. "Otherwise, the customer must either consider 'jailbreaking' the phone-not an option in the typical enterprise-or considering an off-device alternative. ... Other than that, organizations may want to deploy solutions that enable a secure 'wipe' of information from a lost or stolen device-whenever it connects to the network, for example."

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.